Nuclear  Proliferation  via  Darknet  Markets 


This  blog  post  was  first  posted  to  the  International  Centre  for 
Security  Analysis  blog  on  the  21st  April  2016. 

If  there  was  a website  where  you  could  buy  cocaine,  AK47s,  tasers,  guides  to  stealing 
and  hacking,  or  fake  American  passports,  why  wouldn’t  you  be  able  to  buy  something 
worse?  What  would  stop  the  site  from  selling  you  the  kit  you  would  need  to  go  nuclear? 


9 A'phaBay  Market 


Micro  Curie  Polonium-210  Source  from  AlphaBay 

Since  2014  work  has  highlighted  the  problem  posed  by  ecommerce  to  nuclear  [here 
at  ISA  and  by  our  colleagues  at  project  alpha]  and  biological  export  control  regimes.  A 
wide  variety  of  export  controlled  items  from  the  Nuclear  Suppliers  Group  lists,  that 
control  the  goods  you  would  need  to  build  a nuclear  weapon,  were  found  to  be  freely 
available  on  ecommerce  sites  such  as  Alibaba.com.  Significantly,  these  analyses  did  not 
include  the  darknet  markets,  notorious  platforms  used  for  the  exchange  of  illegal  goods. 

After  Silk  Road 

Since  the  takedown  of  Silk  Road  2.0  by  the  FBI  in  2013  darknet  markets,  sometimes 
known  as  cryptomarkets,  have  continued  to  operate.  Since  the  death  of  the  Silk 
Road  brand,  which  was  estimated  at  the  time  of  its  closure  be  making  92,000  USD  a 
month  for  its  operators,  no  single  site  has  dominated  traffic  and  as  of  December  2015 


there  are  over  20  filling  Silk  Road s gap  in  the  market.  No  site  currently  in  operation  was 
online  before  December  2013,  highlighting  the  nature  of  the  cat-and-mouse  game  being 
played  out  between  the  markets  and  the  authorities.  Analyses  of  the  contents  and  users 
of  these  markets  in  the  past  have  focused  on  drugs  and  conventional  criminal  activity, 
such  as  hacking  and  fraud,  with  no  analysis  yet  performed  on  export  controlled 
equipment  and  materials.  In  a recent  excellent  analysis  by  another  group  of  colleagues  at 
King’s  which  took  a broad  look  at  darknet  content,  included  work  on  classifying  darknet 
sites. 

Cryptomarkets  operate  on  a part  of  the  internet  known  as  the  darknet,  which  is  also 
sometimes  known  as  hidden  services.  To  access  this  part  of  the  web  anonymising 
software  such  as  the  TOR  browser  is  required,  which  effectively  masks  the  user's  IP 
address  by  relaying  it  through  a series  of  proxies.  This  allows  users  to  reach  sites  with  the 
.onion  extension.  The  darknet  is  not  indexed  on  search  engines  such  as  Google  and  to 
access  sites  the  link  must  be  known.  Fortunately,  for  a researcher  at  least,  darknet 
markets  want  customers,  so  they  make  themselves  very  easy  to  find.  Many  markets  have 
their  own  page  on  reddit  (subreddit)  and  a quick  google  search  for  darknet  markets  will 
provide  a list  of  currently  operating  sites.  Of  course,  the  majority  of  darknet  sites  are 
better-hidden. 

Anonymity  is  King 

The  darknet  markets  themselves  place  a strong  emphasis  on  anonymity  of  their  users. 
There  is  no  state  to  police  product  quality  or  enforce  any  agreements.  Sites 
therefore  focus  on  mechanisms  to  reduce  insecurity  in  online  transactions.  Financial 
transactions  use  cryptocurrencies  such  as  bitcoin,  which  can  be  bought  using  regular 
currency  though  a bitcoin  exchange  site.  Many  cryptocurrencies  are  available  but  bitcoin 
is  the  only  one  currently  accepted  by  all  sites.  These  currencies  allow  financial 
transactions  that  are  difficult  to  trace  by  other  users  or  the  authorities.  All  bitcoin 
transactions  are  recorded  in  the  blockchain,  a public  file  stored  on  multiple  systems, 
allowing  the  flow  of  bitcoins  to  be  followed  and  acts  as  the  currency  transaction 
verification  mechanism.  The  blockchain  does  not  record  who  is  performing  what 


transaction,  and  each  transaction  is  linked  to  a random  online  address,  but  discovering  an 
identity  at  any  stage  along  the  chain  would  quickly  compromise  a user’s  anonymity.  For 
this  reason  most  darknet  market  users  send  their  bitcoins  to  ‘mixers’  that  return  the 
same  quantity  of  bitcoins  as  sent,  but  blended  between  many  users. 

To  avoid  sellers  not  sending  orders,  sites  also  use  the  ‘escrow’  system  where  transactions 
proceed  via  an  intermediary,  usually  a site  administrator,  which  holds  the  money  from 
transactions  until  items  are  verified  as  delivered  by  the  buyer.  In  the  case  of 
disagreements  the  marketplace  administrator  would  then  resolve  the  dispute.  In  the  first 
generation  of  darknet  markets  the  site  itself  held  the  money  (a  system  also  commonly 
used  on  regular  B2B  sites).  Scammers  quickly  found  a way  to  exploit  this  leading  to 
whole  sites  designed  to  steal  all  their  users’  bitcoins.  The  markets  that  attract  the  most 
traffic  today  are  those  that  use  the  most  up-to-date  user  protections  — namely  ‘multisig 
escrow’.  In  this  system  a virtual  bitcoin  wallet  is  created.  The  buyer  then  inserts  their 
funds  and  the  funds  are  only  released  to  the  seller  when  two  of  the  three  between  buyer, 
seller  and  marketplace  administrator  agree. 

Just  like  Amazon  sellers  or  eBay 

A system  of  feedback  is  also  crucial  to  the  operation  of  the  sites.  Sellers  with  no 
feedback  are  not  as  trusted  as  those  with  multiple  reports  of  good  feedback,  much  like 
sellers  on  amazon  and  Ebay.  Some  sites  allow  private  listings,  where  sellers'  products  are 
not  linked  through  the  main  site.  This  allows  a trusted  seller  to  sell  only  to  a known 
customer  base.  This  is  perhaps  useful  to  maintain  an  established  buyer-seller  relationship 
when  the  customers  buy  the  entirety  of  the  supply.  This  means  these  transactions  cannot 
be  monitored  by  outside  observers.  When  trying  to  monitor  the  availability  of  export 
controlled  goods  this  is  a problem,  but  similar  products  are  still  likely  to  be  sold  on  the 
public  part  of  the  site,  or  would  have  had  to  have  appeared  there  in  the  past. 

Delivery  of  physical  goods  is  performed  using  normal  postal  services.  Sellers  use 
‘stealth’  — techniques  designed  to  hide  the  true  nature  of  the  shipment  from  the 
authorities.  The  only  part  of  a transaction  that  can  be  linked  to  a person,  the  shipping 


address,  is  exchanged  via  encrypted  messenger  software,  the  industry  standard  at  the 
moment  being  PGP,  or  ‘Pretty  Good  Privacy’,  a public-private  key  encryption  system. 
Using  this,  the  seller  is  the  only  one  able  to  decrypt  the  buyer’s  address,  after  an 
exchange  of  public  keys.  This  messaging  system  is  also  used  for  all  communication 
between  users  and  vendors  on  the  sites.  The  buyer  has  to  somehow  pick  up  the  package 
and  at  this  point  there  is  only  so  much  that  can  be  done  to  protect  anonymity,  so 
methods  such  as  the  use  of  a PO.  box  are  the  buyer’s  last  line  of  defense. 

So  what  is  on  there? 

A priori , darknet  markets  seem  like  an  ideal  place  for  illicit  trade  for  export  controlled 
items.  Small  numbers  of  items  for  use  in  the  nuclear  fuel  cycle,  such  as  pressure 
transducers,  would  be  easy  to  offer  and  relatively  easy  to  buy  anonymously.  The  money 
trail  using  darknet  markets  would  be  hard  to  follow  with  the  use  of  cryptocurrency  for 
the  transaction.  Shipping  could  also  be  performed  with  ‘stealth’  where  the  items  are 
cleverly  disguised  from  customs  officials.  Failing  this,  potential  nuclear  buyers  and  sellers 
could  also  make  first  contact  on  a darknet  market  and  then  continue  to  communicate 
through  encrypted  channels. 

Yet  in  the  first  search  for  nuclear  goods  on  darknet  markets  that  we  are  aware  of,  across 
all  the  darknet  markets  that  were  operating  in  October  2015,  no  trace  of  any  nuclear- fuel 
cycle  related  items  was  found.  Drugs  were  copious  and  an  array  of  items  — guides  to 
stealing  credit  cards,  lifetime  Netflix  memberships,  fake  passports,  fake  driving  licenses, 
CS  gas,  lists  of  darknet  sites,  the  anarchist’s  cookbook  and  the  complete  works  of  G.  R. 
R.  Martin  — not  a single  item  even  close  to  being  relevant  for  nuclear  export  controls  was 
found. 

Nuclear  Security  Questions 

Seemingly  the  only  exception  was  a seller  from  the  Alpha  Bay  market  in  Autumn  2015 
offering  Polonium-210,  Cobalt-60,  at  micro-curies  activity  levels,  likely  stocked  from  a 
lab  supplies  company. 


a AlphaBay  Market 


1 micro  Curie  Cobalt-60  source  from  AlphaBay  market 


a A'phaBay  Market 

O 


0.1  micro  Curie  Polonium-210  Source  from  AlphaBay 

They  also  sold  tiny  quantities  of  uranium;  thankfully  it  was  the  kind  that  you  can  also 
buy  on  amazon. 

a AlphaBay  Market  — 

• • • 

a 


Uranium  ore  on  AlphaBay  (from  Autumn  2015) 


amazon 


As  of  April  2016  the  seller  is  still  there  (easy  to  check  using  Grams , the  darknet  markets' 
search  engine  at  http://grams7enufi7jmdl.onion  with  TOR)  offering  uranium,  0.1  pCi 
Co-60,  as  well  as  chemical  hazard  suits,  radiation  signs,  but  no  more  polonium.  He  has 
even  had  4 customers. 


Uranium  ore  on  AlphaBay  (from  April  2016) 

How  seriously  should  the  availability  of  these  items  be  taken?  The  radiation  levels  are 
minuscule.  Polonium-210  is  used  as  a neutron  initiator  in  a nuclear  weapon,  but  probably 
1,000-1,000,000  times  more  would  be  needed.  It  was  also  used  in  the  assassination  of 
Alexander  Litvinenko,  but  again  a much  larger  quantity  would  probably  needed,  given 
that  the  micro-curie  amount  was  priced  at  $210  dollars,  you  can  get  it  from  suppliers 
for  a similar  price,  and  reports  around  the  incident  claimed  that  it  would  likely  have  cost 


‘tens  of  millions  of  dollars’.  A look  at  the  radiation  dose  delivered  by  this  0.1  pC  sample 
would  lead  us  to  the  same  conclusion. 

So  we  are  left  with  the  likelihood  that  our  seller  is  a prankster  or  FBI  agent.  Even  so, 
that  these  kinds  of  items  were  even  available  raises  important  nuclear  security  questions 
about  the  darknet  that  should  be  addressed  in  future. 

Other  Interesting  activity 

Other  items  to  raise  eyebrows  include  designs  for  3D  printed  weapons,  some  concerning 
books,  and  weapons. 


'Illegal'  Books  available  on  darknet  markets 


Weapon-related  books  on  darknet  markets 


Custom  weapons  order 


Custom  weapons  order  2 

Why  is  there  nothing  on  the  NSG  lists? 

The  original  purpose  of  the  study  however,  was  to  look  at  the  darknet  as  a place  to 
procure  items  for  use  in  the  nuclear  fuel  cycle.  How  is  it  possible  to  explain  that  not  a 
single  item  across  all  the  darknet  markets  was  found  that  would  be  considered  relevant 
to  the  nuclear  fuel  cycle?  This  should  be  considered  in  stark  contrast  to  the  nuclear 
cornucopia  available  on  the  biggest  business-to-business  markets,  which  sit  inside  an 
accountable  legal  framework  of  recorded  transactions  and  deliveries. 

One  possible  reason  is  the  logistics  of  shipping  small  quantities.  Drugs,  the  most 
commonly  sold  products,  are  vacuum  packed  to  hide  the  smell  from  sniffer  dogs  and 


then  concealed  as  innocuous  items  to  further  confound  the  authorities.  Much  of  this 
trade  may  be  domestic,  and  for  small  quantities  of  drugs  would  probably  fit  through  a 
letterbox.  Shipping  large  quantities  of  items,  such  as  those  required  for  a nuclear 
industrial  programme  are  much  harder  to  conceal.  For  transnational  shipping  the  items 
are  exported  and  are  likely  to  come  under  more  scrutiny  than  domestic  packaging.  It 
does  not  seem  that  sellers  on  the  darknet  markets  are  going  to  the  more  extreme 
measures  required  for  shipping  in  large  quantities  by  traditional  transnational  organised 
crime. 

However,  an  alternative  explanation  is  the  customer  base.  These  sites  have  been 
described  as  more  than  just  marketplaces,  but  spaces  where  drug  use  is  not  demonised 
and  where  there  is  freedom  of  association,  freedom  of  consumption  and  production. 
The  sites  have  been  described  as  a constructed  realisation  of  the  designers’  libertarian 

values  and  this  was  reflected  in  discussions  on  the  forums  of  libertarian  philosophy, 
online  personal  security  and  drug  use.  This  culture  persisted  in  the  mid  2000s  when  the 
software  required  to  access  the  dark  net  was  more  obscure  and  the  sites  were  populated 
with  ‘cyber  junkies’.  Since  markets  have  attracted  both  greater  interest  from  policing  and 
a lower  barrier  to  entry  (i.e.  the  ease  of  downloading  TOR)  this  has  shifted  the  makeup 
of  the  community.  A market  exists  for  drugs,  low-level  cybercrime  (such  as  hacking  and 
stealing  credit  card  information)  and  some  weapons,  but  selling  high-strength  carbon 
fibre  or  corrosion  resistant  pressure  transducers  does  not  fit  with  the  clientele  of  the 
markets.  For  sites  that  cater  almost  exclusively  to  drug  users,  how  would  a seller,  without 
using  another  medium,  convince  any  potential  buyer  to  visit  a darknet  market  in  the  first 
place  or  believe  that  any  product  offered  was  not  a sting? 

Some  markets  go  as  far  as  to  ban  weapons,  (some  even  explicidy  ban  WMD), 
pornography,  or  anything  other  than  drugs  in  their  terms  of  use.  This  appears  to  be  a 
community  that  is  mostly  interested  in  trading  drugs.  If  nuclear  fuel  cycle-related 
smuggling  is  occurring  on  the  darknet  then  it  is  on  the  truly  hidden  part  that  receives 
much  less  traffic.  A short-term  study  may  have  missed  sales  that  happened  in  previous 
months  and  years,  but  at  the  very  worst  this  would  mean  an  illicit  trade  in  nuclear-fuel 


cycle  related  goods  is  occurring  on  the  darknet  markets  very  infrequendy.  No  obvious 
category  even  exists  on  any  currendy  operating  market  from  which  to  sell  nuclear-fuel 
cycle  related  goods.  Sites  tend  to  follow  the  same  model  as  Silk  Road  with  a large  ‘drugs’ 
section  and  other  categories  such  as  ‘digital  goods’,  ‘erotica’,  and  ‘weapons’.  No  category 
such  as  machinery  or  industrial  supplies  exists  to  even  hint  at  this  kind  of  trade 
occurring. 

Of  course,  with  the  apparent  freedom  of  availability  through  legitimate  ecommerce 
platforms  why  would  somebody  trying  to  buy  an  item  for  a nuclear  programme  go  to 
the  darknet  in  the  first  place?  A secure  encrypted  communication  channel  would  be  used 
as  soon  as  a complied  supplier  is  found. 

Of  course,  as  noted  above,  fellow  researchers  at  King’s  have  looked  much  deeper  into 
the  darknet.  It  is  likely  that  all  the  markets  but  one  in  this  work  would  be  classified  as 
‘drugs’.  Many  possible  sites  with  relevance  to  nuclear  non-proliferation  and  nuclear 
security  have  yet  to  be  researched  in  detail  in  the  open  literature. 

What  the  future  may  hold 

Nevertheless,  the  role  of  darknet  markets  may  change  in  the  future.  Crackdowns  on 
legal  ecommerce  may  cause  items  to  be  harder  to  find  through  surface-web  ecommerce. 
Then  alternative  darknet  markets  could  spring  up  with  a different  focus  and  customer 
base  — although  the  Silk  Road  sister  site  for  weapons,  The  Armory,  reportedly  closed  in 
2012  due  to  lack  of  business.  As  noted,  there  are  well-hidden  parts  of  the  darknet  where 
illicit  industrial  may  be  already  happening.  However,  the  clear  web  could  see  more 
widespread  use  of  cryptocurrencies.  In  addition,  there  is  also  a trend  towards  increased 
use  of  encryption  software  amongst  ordinary  internet  users.  International  arms 
smugglers  are  likely  to  make  use  of  this  kind  of  technology  if  teens  are  adopting  it 
wholesale.  These  changes  could  introduce  further  challenges  to  export  control  regimes. 


